Facebook account hacking service could lead you into danger

A website which offers an easy way to hack into Facebook accounts could actually lead users into unexpected danger, a security researcher has warned.

Joshua Long says that he stumbled across the French-language "Hack-Face" website, which claims to serve up a password to access anyone's Facebook account, after he received a spam comment on his own blog.

Amusingly, the site at first claims to offer a "recovery" service if you find yourself locked out of your own Facebook account (maybe you've been drinking the sherry too much, and forgotten what you changed your password to) but very rapidly becomes more up-front and acknowledges it can be used to break into anyone's account on the social network.

But what the site would *really* like you to do is create an account with them.

Of course, if you're one of the many people who are still using the same password for multiple websites, that's a very bad idea. After all, you could have just given this "Facebook-hacking" website the same password as the one which protects your own Facebook account!

That would certainly be quite a sneaky way of building a database of usernames and passwords.

Josh wasn't slow to spot the irony:

"If someone stumbles upon this site and tries to use it to hack someone else’s Facebook account, they may end up getting their own account hacked instead."

Things can get worse still, however.

If you attempt to hack (sorry... recover the password for) a Facebook account, you will be prompted to send a couple of SMS text messages to a number which appears to be related to premium rate services.

Although there's no obvious mention of it on the website, each message may cost the sender €4.50, and who knows whether you are effectively signing up to receive more costly nuisance messages in the future.

You should never trust a website which offers to hack into an account for you. If you've lost access to your own account, contact the website's support team and learn how you might be able to regain access. And never forget that breaking into someone else's account is a criminal act.


About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and gives presentations on the topic of computer security and online privacy.